Florent Guillaume wrote:
class ProtectedUsername:
    """An object where the username is not accessible from user code."""
    def _setUsername(self, username):
        self.__username = username

    def _getUsername(self):
        return self.__username

Very simple indeed.

Even a traceback will not show this username anymore if its inside an object without __repr__ :-)

Well the username is not secret. Indeed, it would be interesting to have
a __str__ to debug what's in SESSION and maybe allow user code to check
what's there.

Yup. However, I just made it a bit more generic, so now it's not the username that is stored, but any authentication info you might like. That makes it possible to use from other plugins too, but of course, displaying it them may be a bit more sensitive.

Probably it would only store username and password, and the user obviously already knows his own password, but still...

Ah well, this is PLuggableUserFolder internal stuff anyway, so...
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to